4. Enter 80 as the Destination Port
5. Select the HTTP ALG just created in the ALG list
6. Click OK
Finally, modify the NAT IP rule to use the new service:
1. Go to: Policies
2. Select the NAT rule handling the HTTP traffic
3. Select http_content_filtering from the Service list
4. Click OK
Web content filtering is now activated for all web traffic from lannet to all-nets.
We can validate the functionality with the following steps:
1. On a workstation on the lannet network, launch a standard web browser.
2. Try to browse to a search site. For example, www.google.com.
3. If everything is configured correctly, the web browser will present a web page that informs
the user that the requested site is blocked.
Web Content Filtering with HTTPS
The HTTP ALG can be applied to HTTP traffic, to HTTPS traffic, or to both.
If filtering of HTTPS traffic is to work, the Service object associated with the ALG must be
one that allows the appropriate port numbers.
For example, the predefined service http-all could be used when both HTTP (port 80) and HTTPS
(port 443) traffic are allowed. A custom service may need to be defined and used if an existing
pre-defined service does not meet the requirements of the traffic.
A further point to note with WCF over an HTTPS connection is that if access to a particular site is
denied, the HTTPS connection is automatically dropped. This means that the browser will not be
able to display the usual NetDefendOS generated messages to indicate that the WCF feature has
intervened and why. Instead, the browser will only display its own message to indicate the
connection is broken.
The Fail Mode setting can also affect HTTP connections. If no hostname is found in either the
ClientHello from the client or the ServerHello from the server in the initial HTTPS handshake
session, before encrypted packets are sent, then the connection is dropped if the Fail Mode action
is Deny and not dropped if the action is Allow.
Audit Mode
In Audit Mode, the system will classify and log all surfing according to the content filtering policy,
but restricted web sites will still be accessible to the users. This means the content filtering
feature of NetDefendOS can then be used as an analysis tool to analyze which categories of
websites are being accessed by a user community and how often.
Chapter 6: Security Mechanisms